Today, the majority of critical business applications such as CRM systems, office productivity, unified communications, contact center and more are in the cloud, so a technology that routes a user into the network just to send it back out doesn’t seem optimal, to say the least. To get an understanding of how inefficient this process is, I’ll try and illustrate the flow:
A user wants access to company resources, so invokes the company’s preferred VPN client to connect to the local VPN concentrator.
Once connected, the traffic must pass through additional security appliances, such as firewalls, intrusion-prevention systems, internal load balancers, and more. If the user works at a large enterprise, the traffic probably had to traverse global load balancers front-ending the VPN concentrators, adding to the list of appliances.
The user gains full network access to company resources, which could have regulatory implications.
If the user connected to a remote office, the session must pass over the WAN to the data center, and then out to the Internet.
The user is finally able to connect to Office 365, Amazon Web Services, or other cloud service required.
That entire sequence then takes place in reverse when sending the data back to the user.
Again… not optimal, to say the least.
In developing ZPA, Zscaler rethought remote access in the era of cloud, and architected it on the following four principals:
Remote users should never be placed on the network. Rather, they should be granted application access. With no network access, IP addresses become irrelevant.
Applications are invisible to unauthorized users. If a user’s access is compromised, a zero-trust model prevents this leading to an application breach.
Application-level micro-segmentation enables IT to deliver precise policy-based application access to users.
The Internet becomes the new corporate network. Trust no one, and encrypt everything… Fox Mulder would be proud.
I recommend reading the article to get more details. The system is more secure, it prevents people from by-passing security, it materially increases performance, and it is more cost effective. This particular product is currently 10% of revenue for Zscaler but growing faster than ZIA (their primary product). The CEO stated that it may take a long time for ZPA to catch up however as ZIA is growing rapidly itself.
I do own Zscaler, and buy it every time it falls below $4 billion in marketcap. It is one of my 3 holdings. It is a founder run company, with the founder owning 23% of the shares, a serial entrepreneur who decided not to sell out Zscaler pre-IPO to Cisco (who made an offer) and to whomever else did. He is already quite wealthy from his prior businesses and this is his baby and the remainder of his life’s work.
The only issue anyone has with Zscaler is valuation. You guys can all debate that. I look at forward valuation. On a forward basis 50% growth is $285 million in revenues against enterprise value is around 14-15x, which is much less expensive than a company like Veeva, as an example. Zscaler is growing much faster, has the same cash printing abilities, has the same high switching costs, long-term (perhaps lifetime customers) and is clearly valued below take out value at this point in time (should that become possible given the founders large holdings in the company). That creates a floor and for me removes the valuation risk.
That does not remove execution risk, or disruption risk. Of course things change if customers suddenly stop buying the product like what happened with the Blue Coat half of Symantec last quarter (Blue Coat was the only other company in the SWG leader quadrant and Symantec bought them - Symantec earnings were so bad last quarter that the largest shareholder rebelled - and the issue was the SWG side of things, not the end point security that Symantec had prior to Blue Coat). My inference is that the Blue Coat products are no longer selling because they are expensive and complicated vs. what Zscaler offers. Blue Coat is negative growing while Zscaler is growing billings at 75% YoY.
Point being you never know when you go from leader to hitting the wall. But that normally happens only when you get disrupted. So judge for yourself.
But that is part of the reason why I own Zscaler and buy it whenever it falls below $4 billion in enterprise value. Might I change my mind at some point? Yeah. I sold off ANET and SHOP when it was time to do so. And that could happen at any time. However, in the end I find that doing nothing until you have to do something is the best way to increase your wealth if you buy category killers at good buy points and just keep adding. That is one of my holdings and part of why I own it for now and it would be great if I can continue to hold it.